search

google / syzkaller

syzkaller is an unsupervised coverage-guided kernel fuzzer
Apache License 2.0
5.29k stars 1.2k forks source link

dashboard/app: bugzilla backend #1061

Open swills opened 5 years ago

swills commented 5 years ago

Is there an API that can be used to get data out programmatically? Would like to automate creating bugs in the FreeBSD bug tracker for new FreeBSD bugs and would prefer to avoid scraping the web-app. Thanks!

dvyukov commented 5 years ago

There is an API but it's not super simple. There is an "email" backend: https://github.com/google/syzkaller/blob/master/dashboard/app/reporting_email.go and there is an "external" backend: https://github.com/google/syzkaller/blob/master/dashboard/app/reporting_external.go this is effectively and HTTP API. There exchanged data structures are defined here (notably BugReport to file a new bug): https://github.com/google/syzkaller/blob/master/dashboard/dashapi/dashapi.go We use this to integrate with our internal bug tracker.

However:

  1. I can't promise full API stability. E.g. it's now being updated to account for bisection. I keep track our 1 external client, but if you have another one which is completely separated, updates may be problematic.
  2. If you take over reporting, it's not only creating bugs. You also need to send back status updates, fixing commits, react on updates from syzbot, etc. The bugs are fully machine-managed.

What bug trackers does FreeBSD use? Is it Bugzilla (https://bugs.freebsd.org/bugzilla/)? If so, it can make sense implement Bugzilla backend in syzbot so that it will talk directly to Bugzilla. This will solve the problem of API updates and may be reused by other kernels.

blackgnezdo commented 5 years ago

One suggestion. If at all practical, please create an integration test. These kinds of cross-system integrations are insanely brittle. If people maintaining syzkaller don't have an easy way to test the integration and don't use it themselves, it will get broken.

swills commented 5 years ago

API stability maybe not be too big of an issue, depending on how much it changes. Status updates might not be too bad, though I'm not sure about reacting to updates from syzbot.

Yes, that's the correct Bugzilla link. A Bugzilla back-end with integration tests would be nice.

dvyukov commented 5 years ago

Just to make it clear: I will hardly have any time to work on this. FWIW syzbot dashboard is a mini-bug-tracking system in itself already.